Update Blog #1 webpage from version 4.0.2.16 to 4.1.0.24.
This commit is contained in:
parent
b80bcfa7f0
commit
355f6d4df5
SSH Key Fingerprint:
SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M
@ -5,22 +5,19 @@
|
|||||||
<!-- Copyright 2022 Jake Winters -->
|
<!-- Copyright 2022 Jake Winters -->
|
||||||
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
||||||
|
|
||||||
<!-- Version: 4.0.2.16 -->
|
<!-- Version: 4.1.0.24 -->
|
||||||
|
|
||||||
|
|
||||||
<html>
|
<html>
|
||||||
|
<head>
|
||||||
<head>
|
|
||||||
<title>Inferencium - Blog - systemd Insecurity</title>
|
<title>Inferencium - Blog - systemd Insecurity</title>
|
||||||
<link rel="stylesheet" href="../inf.css">
|
<link rel="stylesheet" href="../inf.css">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
</head>
|
</head>
|
||||||
|
<!-- Navigation bar -->
|
||||||
<!-- Navigation bar. -->
|
<div class="sidebar">
|
||||||
<div class="sidebar">
|
<a href="../index.html"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"></a>
|
||||||
<img src="../asset/img/logo-inferencium-no_text.png"
|
<a href="../index.html" class="title">Inferencium</a><br>
|
||||||
width="110px" height="110px">
|
|
||||||
<a class="title">Inferencium</a><br>
|
|
||||||
<br>
|
<br>
|
||||||
<br>
|
<br>
|
||||||
<div><a href="../about.html">About</a></div>
|
<div><a href="../about.html">About</a></div>
|
||||||
@ -28,98 +25,58 @@
|
|||||||
<div><a href="../blog.html">Blog</a></div>
|
<div><a href="../blog.html">Blog</a></div>
|
||||||
<div><a href="../source.html">Source</a></div>
|
<div><a href="../source.html">Source</a></div>
|
||||||
<div><a href="../key.html">Key</a></div>
|
<div><a href="../key.html">Key</a></div>
|
||||||
</div>
|
</div>
|
||||||
|
<body>
|
||||||
<body>
|
|
||||||
<h1>Blog - #1</h1>
|
<h1>Blog - #1</h1>
|
||||||
<br>
|
|
||||||
<br>
|
|
||||||
<br>
|
|
||||||
|
|
||||||
<h2>systemd Insecurity</h2>
|
<h2>systemd Insecurity</h2>
|
||||||
<br>
|
|
||||||
<p class="update_date">Posted: 2022-01-29 (UTC+00:00)</p>
|
<p class="update_date">Posted: 2022-01-29 (UTC+00:00)</p>
|
||||||
<p class="update_date">Updated: 2022-11-14 (UTC+00:00)</p>
|
<p class="update_date">Updated: 2022-11-14 (UTC+00:00)</p>
|
||||||
<br>
|
<!-- Table of contents -->
|
||||||
<br>
|
<section id="toc">
|
||||||
|
<h2 id="toc"><a href="#toc" class="h2">Table of Contents<a/></h2>
|
||||||
<!-- Table of contents. -->
|
|
||||||
<h2 id="toc"><a href="#toc" class="h2"
|
|
||||||
>Table of Contents<a/></h2>
|
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="#issue0" class="body-link"
|
<li><a href="#issue0" class="body-link">Issue #0 - Against CVE Assignment</a></li>
|
||||||
>Issue #0 - Against CVE Assignment</a></li>
|
<li><a href="#issue1" class="body-link">Issue #1 - CVEs Are Not Useful</a></li>
|
||||||
<li><a href="#issue1" class="body-link"
|
<li><a href="#issue2" class="body-link">Issue #2 - Security is a Circus</a></li>
|
||||||
>Issue #1 - CVEs Are Not Useful</a></li>
|
<li><a href="#issue3" class="body-link">Issue #3 - Blaming the User</a></li>
|
||||||
<li><a href="#issue2" class="body-link"
|
|
||||||
>Issue #2 - Security is a Circus</a></li>
|
|
||||||
<li><a href="#issue3" class="body-link"
|
|
||||||
>Issue #3 - Blaming the User</a></li>
|
|
||||||
</ul>
|
</ul>
|
||||||
<br>
|
</section>
|
||||||
<br>
|
|
||||||
<br>
|
|
||||||
|
|
||||||
<p>Anyone who cares about security may want to switch from systemd as soon as possible; its lead
|
<p>Anyone who cares about security may want to switch from systemd as soon as possible; its lead
|
||||||
developer doesn't care about your security at all.</p>
|
developer doesn't care about your security at all.</p>
|
||||||
<br>
|
<section id="issue0">
|
||||||
<br>
|
<h2 id="issue0"><a href="#issue0" class="h2">Issue #0 - Against CVE Assignment</a></h2>
|
||||||
<br>
|
|
||||||
|
|
||||||
<h2 id="issue0"><a href="#issue0" class="h2"
|
|
||||||
>Issue #0 - Against CVE Assignment</a></h2>
|
|
||||||
<br>
|
<br>
|
||||||
<blockquote>"You don't assign CVEs to every single random bugfix we do, do you?"</blockquote>
|
<blockquote>"You don't assign CVEs to every single random bugfix we do, do you?"</blockquote>
|
||||||
<p>- Lennart Poettering, systemd lead developer</p>
|
<p>- Lennart Poettering, systemd lead developer</p>
|
||||||
<br>
|
|
||||||
<p>My thoughts:<br>
|
<p>My thoughts:<br>
|
||||||
Yes, if they're security-related.</p>
|
Yes, if they're security-related.</p>
|
||||||
<br>
|
|
||||||
<p>Source:<br>
|
<p>Source:<br>
|
||||||
<a class="body-link" href="https://github.com/systemd/systemd/pull/5998#issuecomment-303782334"
|
<a href="https://github.com/systemd/systemd/pull/5998#issuecomment-303782334" class="body-link">systemd GitHub Issue 5998</a></p>
|
||||||
>systemd GitHub Issue 5998</a></p>
|
</section>
|
||||||
<br>
|
<section id="issue1">
|
||||||
<br>
|
<h2 id="issue1"><a href="#issue1" class="h2">Issue #1 - CVEs Are Not Useful</a></h2>
|
||||||
<br>
|
|
||||||
|
|
||||||
<h2 id="issue1"><a href="#issue1" class="h2"
|
|
||||||
>Issue #1 - CVEs Are Not Useful</a></h2>
|
|
||||||
<br>
|
|
||||||
<blockquote>"Humpf, I am not convinced this is the right way to announce this. We never did that, and half the
|
<blockquote>"Humpf, I am not convinced this is the right way to announce this. We never did that, and half the
|
||||||
CVEs aren't useful anyway, hence I am not sure we should start with that now, because it is either
|
CVEs aren't useful anyway, hence I am not sure we should start with that now, because it is either
|
||||||
inherently incomplete or blesses the nonsensical part of the CVE circus which we really shouldn't
|
inherently incomplete or blesses the nonsensical part of the CVE circus which we really shouldn't
|
||||||
bless..."</blockquote>
|
bless..."</blockquote>
|
||||||
<p>- Lennart Poettering, systemd lead developer</p>
|
<p>- Lennart Poettering, systemd lead developer</p>
|
||||||
<br>
|
|
||||||
<p>My thoughts:<br>
|
<p>My thoughts:<br>
|
||||||
CVEs are supposed to be for security, and a log of when they were found and their severity, so yes,
|
CVEs are supposed to be for security, and a log of when they were found and their severity, so yes,
|
||||||
it *is* the correct way to announce it. It seems as if over 95 security-concious people think the
|
it *is* the correct way to announce it. It seems as if over 95 security-concious people think the
|
||||||
same.</p>
|
same.</p>
|
||||||
<br>
|
|
||||||
<p>Source:<br>
|
<p>Source:<br>
|
||||||
<a class="body-link" href="https://github.com/systemd/systemd/pull/6225#issuecomment-311739869"
|
<a href="https://github.com/systemd/systemd/pull/6225#issuecomment-311739869" class="body-link">systemd GitHub Issue 6225</a></p>
|
||||||
>systemd GitHub Issue 6225</a></p>
|
</section>
|
||||||
<br>
|
<section id="issue2">
|
||||||
<br>
|
<h2 id="issue2"><a href="#issue2" class="h2">Issue #2 - Security is a Circus</a></h2>
|
||||||
<br>
|
|
||||||
|
|
||||||
<h2 id="issue2"><a href="#issue2" class="h2">
|
|
||||||
Issue #2 - Security is a Circus</a></h2>
|
|
||||||
<br>
|
|
||||||
<blockquote>"I am not sure I buy enough into the security circus to do that though for any minor
|
<blockquote>"I am not sure I buy enough into the security circus to do that though for any minor
|
||||||
issue..."</blockquote>
|
issue..."</blockquote>
|
||||||
<p>- Lennart Poettering, systemd lead developer</p>
|
<p>- Lennart Poettering, systemd lead developer</p>
|
||||||
<br>
|
|
||||||
<p>Source:<br>
|
<p>Source:<br>
|
||||||
<a class="body-link" href="https://github.com/systemd/systemd/issues/5144#issuecomment-276740654"
|
<a href="https://github.com/systemd/systemd/issues/5144#issuecomment-276740654" class="body-link">systemd GitHub Issue 5144</a></p>
|
||||||
>systemd GitHub Issue 5144</a></p>
|
</section>
|
||||||
<br>
|
<section id="issue3">
|
||||||
<br>
|
<h2 id="issue3"><a href="#issue3" class="h2">Issue #3 - Blaming the User</a></h2>
|
||||||
<br>
|
|
||||||
|
|
||||||
<h2 id="issue3"><a href="#issue3" class="h2"
|
|
||||||
>Issue #3 - Blaming the User</a></h2>
|
|
||||||
<br>
|
|
||||||
<blockquote>"Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create
|
<blockquote>"Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create
|
||||||
it in the first place. Note that not permitting numeric first characters is done on purpose: to
|
it in the first place. Note that not permitting numeric first characters is done on purpose: to
|
||||||
avoid ambiguities between numeric UID and textual user names.
|
avoid ambiguities between numeric UID and textual user names.
|
||||||
@ -131,16 +88,11 @@
|
|||||||
So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but
|
So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but
|
||||||
still: the username is clearly not valid."</blockquote>
|
still: the username is clearly not valid."</blockquote>
|
||||||
<p>- Lennart Poettering, systemd lead developer</p>
|
<p>- Lennart Poettering, systemd lead developer</p>
|
||||||
<br>
|
|
||||||
<p>My thoughts:<br>
|
<p>My thoughts:<br>
|
||||||
systemd was the thing that allowed root access just because a username started with a number, then
|
systemd was the thing that allowed root access just because a username started with a number, then
|
||||||
Poettering blamed the user.</p>
|
Poettering blamed the user.</p>
|
||||||
<br>
|
|
||||||
<p>Source:<br>
|
<p>Source:<br>
|
||||||
<a class="body-link" href="https://github.com/systemd/systemd/issues/6237#issuecomment-311900864"
|
<a href="https://github.com/systemd/systemd/issues/6237#issuecomment-311900864" class="body-link">systemd GitHub Issue 6237</a></p>
|
||||||
>systemd GitHub Issue 6237</a></p>
|
</section>
|
||||||
<br>
|
</body>
|
||||||
<br>
|
|
||||||
</body>
|
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user